#! /bin/sh

# Build Open Container Initiative (OCI) container image suitable as a base for
# static-linked workloads. This contains mtree directories, SSL certificates and
# a few other config files.

OCI_BASE_IMAGE=

oci_image_build() {
	local srcdir=${curdir}/..
	local m=${workdir}/rootfs
	mtree -deU -p $m/ -f ${srcdir}/etc/mtree/BSD.root.dist > /dev/null
	mtree -deU -p $m/var -f ${srcdir}/etc/mtree/BSD.var.dist > /dev/null
	mtree -deU -p $m/usr -f ${srcdir}/etc/mtree/BSD.usr.dist > /dev/null
	mtree -deU -p $m/usr/include -f ${srcdir}/etc/mtree/BSD.include.dist > /dev/null
	mtree -deU -p $m/usr/lib -f ${srcdir}/etc/mtree/BSD.debug.dist > /dev/null
	install_packages ${abi} ${workdir} FreeBSD-zoneinfo
	cp ${srcdir}/etc/master.passwd $m/etc
	pwd_mkdb -p -d $m/etc $m/etc/master.passwd || return $?
	cp ${srcdir}/etc/group $m/etc || return $?
	# termcap.small is generated so we get it from OBJDIR - make sets our
	# working directory to OBJDIR/release
	cp ../etc/termcap/termcap.small $m/etc/termcap.small || return $?
	cp ../etc/termcap/termcap.small $m/usr/share/misc/termcap || return $?
	env DESTDIR=$m \
	    TRUSTPATH=${srcdir}/secure/caroot/trusted \
	    UNTRUSTPATH=${srcdir}/secure/caroot/untrusted \
	    certctl -c rehash
	# Generate a suitable repo config for pkgbase
	case ${branch} in
		CURRENT|STABLE|BETA*)
			repo=base_latest
			;;
		*)
			repo=base_release_${minor}
			;;
	esac
	mkdir -p $m/usr/local/etc/pkg/repos
	cat > $m/usr/local/etc/pkg/repos/base.conf <<EOF
FreeBSD-base: {
  url: "https://pkg.FreeBSD.org/\${ABI}/${repo}",
  mirror_type: "srv",
  signature_type: "fingerprints",
  fingerprints: "/usr/share/keys/pkg",
  enabled: yes
}
EOF

}
